[129773] in cryptography@c2.net mail archive
Re: Strength in Complexity?
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Mon Aug 4 17:47:36 2008
To: Tim Hudson <tim.hudson@attglobal.net>
Cc: Cryptography <cryptography@metzdowd.com>
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 04 Aug 2008 15:41:54 -0400
In-Reply-To: <48975690.7000807@attglobal.net> (Tim Hudson's message of "Tue\, 05 Aug 2008 05\:20\:48 +1000")
Tim Hudson <tim.hudson@attglobal.net> writes:
> I think that Arshad's point here is an argument that externalising
> key management handling from normal application logic is a valid one
> but that it is also equally applicable to existing Kerberos
> environments.
>
> I don't think a point beyond "externalisation is good" was trying to
> be made here.
Well, that's not unreasonable.
Of course, if you're looking for ways to add a layer so that
application logic can be detached from authentication logic, GSSAPI is
one answer. People may have varying opinions on GSSAPI, but it does
have the merit of existing and being widely available.
Perry
--
Perry E. Metzger perry@piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
